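<?php
// Bootstrap for the private-message compose page: start the session, load the
// forum configuration and resolve the logged-in user's id.
session_start();

include('./../config/db_settings.php');
include('pms_inc.php');

// The login state lives in the session under a configurable prefix. When the
// visitor has no session entry the key is absent, so read it defensively and
// fall back to null, which the page treats as "not logged in".
$session_key = $settings['session_prefix'].'user_id';
$user = isset($_SESSION[$session_key]) ? $_SESSION[$session_key] : null;
?>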
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN">
<head>
<title>Private Message Center</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
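<link rel="stylesheet" type="text/css" href="../templates/<?php /* template name is read from $settings; encoded because it lands inside an HTML attribute */ echo htmlspecialchars($settings['template'], ENT_QUOTES, 'UTF-8'); ?>/style.css" media="all" />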
<script src="../js/textLength.js" type="text/javascript"></script>
<script src="../js/javascripts.js" type="text/javascript"></script>
</head>
<body>
<?     
    //Are they logged in or not?
    if(!$user)
        {
        echo "<br><p>You aren't logged in. Please log in first.</p><br>";
        }
        
    else
        {
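        // Optional request parameters: msg_id (reply to this message) or uid
        // (write to this user). Both are attacker-controlled and end up inside
        // SQL text below, so they are reduced to integers first; a missing,
        // non-scalar or non-numeric value becomes 0 and is ignored.
        $msg_id = (isset($_REQUEST['msg_id']) && is_scalar($_REQUEST['msg_id'])) ? (int) $_REQUEST['msg_id'] : 0;
        $user_id = (isset($_REQUEST['uid']) && is_scalar($_REQUEST['uid'])) ? (int) $_REQUEST['uid'] : 0;

        $receiver_id = 0;
        $sendto = "";
        $subject = "";

        if ($msg_id > 0)
        {
            // Look up the message being replied to, together with its sender's name.
            $view_msg = mysql_query("SELECT a.receiver_id, a.subject, b.user_name sendto FROM ".$db_settings['messages_table']." a join ".$db_settings['userdata_table']." b on a.sender_id=b.user_id WHERE a.id = '".$msg_id."'");
            $msg = $view_msg ? mysql_fetch_array($view_msg) : false;

            // No row means the id does not exist; leave the defaults in place.
            if ($msg)
            {
                $receiver_id = $msg['receiver_id'];

                // Authorization check: only the recipient of a message may reply to
                // it. Without it any user could read other people's subjects and
                // sender names by guessing msg_id values.
                if ($receiver_id == $user)
                {
                    // Raw user name from the database; it must be HTML-encoded
                    // wherever it is printed.
                    $sendto = $msg['sendto'];
                    // Subjects are stored base64-encoded. The decoded text is
                    // user-supplied, so it is entity-encoded for the form field.
                    $subject = "RE: ".htmlspecialchars(stripslashes(base64_decode($msg['subject'])), ENT_QUOTES, 'UTF-8');
                }
            }
        }
        elseif ($user_id > 0)
        {
            // Resolve the recipient's user name from the uid parameter.
            $sql = mysql_query("SELECT user_name sendto FROM ".$db_settings['userdata_table']." where user_id = '".$user_id."'");
            $row = $sql ? mysql_fetch_array($sql) : false;
            if ($row)
            {
                $sendto = $row['sendto'];
            }
        }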
        
        //Get your private message count
        //$sql = mysql_query ("SELECT count(*) pm_count FROM ".$db_settings['messages_table']." WHERE receiver_id='$user'");
        //$row = mysql_fetch_array ($sql);
        //$pm_count = $row['pm_count'];
        
        //$percent = $pm_count/'50';
        //$percent = $percent * '100';
        ?>
        <br>
        <center>
        <b><p><a href="inbox.php">Inbox</a> | <a href="compose.php">Compose</a> | <a href="sent.php">Sentbox</a></b>
        </center>
        <br>
        
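        <?php
        // Handles a submitted compose form: validates it, rate-limits the sender,
        // enforces the recipient's inbox limit and stores the message. $error stays
        // '0' when the form should be (re)displayed by the code that follows.
        //
        // NOTE(review): this handler changes state for any POST sent by a logged-in
        // browser and checks no anti-CSRF token; a per-session token should be
        // issued with the form and verified here.
        // NOTE(review): the 200/1500 character limits are enforced only by the
        // page's JavaScript; nothing below checks the submitted lengths.
        if ($sendto)
        {
            // A recipient was already resolved from msg_id/uid: go straight to the form.
            $receiver = $sendto;
            $error = '0';
        }
        else
        {
            // Form fields. Missing keys and non-string values (e.g. name[]=x) are
            // treated as empty instead of raising notices or reaching SQL as arrays.
            $receiver = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
            $subject = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '';
            $message = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
            $error = '0';

            if (!$receiver AND !$subject)
            {
                // Nothing was submitted yet: prompt and fall through to the empty form.
                ?>
                <p><b>Please compose a message.</b></p>
                <br>
                <?php
            }
            elseif (!$subject)
            {
                // The message is printed once by the error check after this block;
                // echoing it here as well showed it twice.
                $error = 'You must enter a subject';
            }
            elseif (!$receiver)
            {
                $error = 'You must enter a receiver to your message';
            }
            else
            {
                // The recipient name is free text from the request, so it is escaped
                // before being placed in the query. If magic quotes already added
                // slashes (the stripslashes() on stored subjects elsewhere in this
                // file suggests that era), remove them first so the name is not
                // escaped twice.
                $lookup_name = $receiver;
                if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
                {
                    $lookup_name = stripslashes($lookup_name);
                }
                $user_check = mysql_query("SELECT user_id FROM ".$db_settings['userdata_table']." WHERE user_name='".mysql_real_escape_string($lookup_name)."'");
                $row = $user_check ? mysql_fetch_array($user_check) : false;
                $receiver_id = $row ? (int) $row['user_id'] : 0;

                if ($receiver_id <= 0)
                {
                    $error = 'That username does not exist, please try again.';
                }
                else
                {
                    // Flood protection: at most one message per 10 seconds per session.
                    // Unix timestamps are used because subtracting date('ymdHis')
                    // strings does not yield seconds across minute/hour boundaries.
                    $now = time();
                    $old_time = isset($_SESSION['pm_time']) ? (int) $_SESSION['pm_time'] : 0;
                    if ($old_time > $now)
                    {
                        // A stored value in the future (for example one written in
                        // the old ymdHis format) is ignored rather than locking the
                        // user out.
                        $old_time = 0;
                    }
                    $_SESSION['pm_time'] = $now;

                    if ($now - $old_time < 10)
                    {
                        $error = 'You must wait 10 seconds before sending another private message';
                    }
                    else
                    {
                        // Inbox quota of the recipient.
                        $sql = mysql_query("SELECT count(*) pm_count FROM ".$db_settings['messages_table']." WHERE receiver_id='".$receiver_id."'");
                        $row = $sql ? mysql_fetch_array($sql) : false;
                        $pm_count = $row ? (int) $row['pm_count'] : 0;

                        // The original compared the bare word pm_count (no $), so the
                        // limit was never applied; >= also covers inboxes already
                        // above 50.
                        if ($pm_count >= 50)
                        {
                            $error = 'The user you are trying to send a message to has 50 private messages, sorry but we can not send your message untill that user deletes some of their messages.';
                        }
                        else
                        {
                            // Subject and body are stored base64-encoded, which also
                            // keeps them inert inside the quoted SQL literals; the two
                            // ids are forced to integers because they are unquoted.
                            $subject = base64_encode($subject);
                            $message = base64_encode($message);
                            $sent = mysql_query("INSERT INTO ".$db_settings['messages_table']." (receiver_id, sender_id, subject, message) VALUES(".$receiver_id.", ".(int) $user.", '$subject', '$message')");

                            if ($sent)
                            {
                                $subject = "";
                                // Reported only after a successful insert.
                                echo "<p><b>You have successfully sent a private message!</b></p><br>";
                            }
                            else
                            {
                                // Keep database error text out of the response; it
                                // goes to the server log instead.
                                error_log('private message insert failed: '.mysql_error());
                                $error = 'Your message could not be sent, please try again later.';
                            }
                        }
                    }
                }
            }
        }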
            
        //Since we may have set the error variable to something while trying to send the messae, we need another error check
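        // Final error check: anything other than the '0' sentinel is a message
        // set while processing the submission; it is shown instead of the form.
        if($error != '0')
            {
            echo "<p>$error</p><br>";
            }

        else
            {
            // Compose form. $receiver and $subject can carry request data or a
            // user name read from the database, so both are HTML-encoded on output.
            // $subject may already be entity-encoded by the reply lookup earlier in
            // this file, hence double_encode is switched off for it. The subject is
            // written as the textarea's content because browsers ignore a value
            // attribute on <textarea>.
            ?>
            <form method="post" action="compose.php" id="postingform" accept-charset="UTF-8">
            
            <table width="80%">
              <tr>
                <td width="150px" align="left" valign="top"><p>Username</p></td>
                <td width="" align="left" valign="top"><input name="name" type="text" id="name" value="<?php echo htmlspecialchars($receiver, ENT_QUOTES, 'UTF-8'); ?>"></td>
              </tr>
              
              <tr>
                <td width="150px" align="left" valign="top"><p>Subject</p></td>
                <td width="" align="left" valign="top"><textarea id="subject" rows=3 cols="70" wrap="virtual" name="subject" length="200"><?php echo htmlspecialchars($subject, ENT_QUOTES, 'UTF-8', false); ?></textarea></td>
              </tr>
              <tr>
                <td width="150px" align="left" valign="top">&nbsp;</td>
                <td width="" align="left" valign="top"><span class="xsmall">Subject's max length is 200 characters. You have <font color="red"><span id="subjectsize"></span></font>&nbsp;characters left.</span></td>
                <script type="text/javascript">
								  document.getElementById("subjectsize").innerHTML = 200 - document.getElementById("subject").value.len();
								</script>
              </tr>
              <tr>
                <td width="150px" align="left" valign="top">&nbsp;</td>
                <td width="" align="left" valign="top">&nbsp;</td>
              </tr>
              <tr>
                <td width="150px" align="left" valign="top"><p>Message Body</p></td>
                <td width="" align="left" valign="top"><textarea name="text" type="text" id="text" value="" cols="70" rows="12" length="1500"></textarea></td>
              </tr>
              <tr>
                <td width="150px" align="left" valign="top">&nbsp;</td>
                <td width="" align="left" valign="top"><span class="xsmall">Message body's max length is 1500 characters. You have <font color="red"><span id="textsize"></span></font>&nbsp;characters left.</span></td>
                <script type="text/javascript">
								  document.getElementById("textsize").innerHTML = 1500 - document.getElementById("text").value.len();
								</script>
              </tr>
              <tr>
                <td width="150px" align="left" valign="top">&nbsp;</td>
                <td width="" align="left" valign="top">&nbsp;</td>
              </tr>
                  
              <tr>  
                <td></td>
                <td><input type="submit" name="Submit" value="Send Message" onclick="return is_postingform_complete('No%20username%20has%20been%20entered','No%20subject%20has%20been%20entered','')"> <img id="throbber-submit" style="visibility:hidden;" src="../templates/default/images/throbber_submit.gif" alt="" width="16" height="16" /></td>
              </tr>
            </table>
            </form>
            
            <?php
            }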
        }    
    ?>
    
</body>
</html>